[one-users] Problem with virtual network ACLs for multiple users

Carlos Martín Sánchez cmartin at opennebula.org
Tue Jul 24 08:55:05 PDT 2012


Hi,

The error messages in the screen captures you both sent are not related to
permissions or ACL rules.

When a NIC (or DISK) uses a Virtual Network (or Image), you can set its ID,
or its name and owner [1].
Sunstone sets the following in the VM templates:

NIC = [ NETWORK = 319ervlan, NETWORK_UID = 6 ]

>From your screen captures, looks like you created the VM Template when the
network 319ervlan was owned by the User 6, and then changed its owner to 7.


Regards

[1] http://opennebula.org/documentation:rel3.6:template



--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>



On Tue, Jul 24, 2012 at 2:04 PM, Michael Rebstock <
rusreb at rus.uni-stuttgart.de> wrote:

> Hi Jan, hi Carlos Martín,****
>
> ** **
>
> as Carlos Martín mentioned in is first Mail, I executed the chmod-command
> (“onevnet chmod 0 604”) but this did not solve my problem.****
>
> Moreover I created all my images by providing a path, so this seems not to
> be the adequate solution for my problem, Jan.****
>
> ** **
>
> In the attachment I added some screenshots, including:****
>
> - the error-message when trying to instantiate a new VM
> (“createNewVM_error”), ****
>
> - the Image info(“ImageInformation”), ****
>
> - the VLAN info (“VLAN319_info”) and ****
>
> - the users and groups (“UserAndGroups”).****
>
> ** **
>
> Hope that helps you to help me ;-)****
>
> ** **
>
> Best Regards****
>
> Michael****
>
> ** **
>
> *Von:* Jan Benadik [mailto:jan.benadik at atos.net]
> *Gesendet:* Dienstag, 24. Juli 2012 08:30
> *An:* Carlos Martín Sánchez
> *Cc:* rusreb at rus.uni-stuttgart.de; users at lists.opennebula.org
> *Betreff:* Re: [one-users] Problem with virtual network ACLs for multiple
> users****
>
> ** **
>
> Hi,
>
> let see an attached screenshots.
>
> As I wrote already - if the HDD image is created by providing path to
> file, everything works well (picture image-prop-right.png), if HDD image is
> created by providing "source" - an error (shot1.png) occurs in time of VM
> starting.
>
> Jan****
>
> Dňa 23.07.2012 18:45, Carlos Martín Sánchez wrote / napísal(a):****
>
> Hi, ****
>
> ** **
>
> Could elaborate a bit more? What error message is returning opennebula?***
> *
>
> ** **
>
> Regards
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization ****
>
> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula>
> ****
>
>
>
> ****
>
> On Mon, Jul 23, 2012 at 12:28 PM, Jan Benadik <jan.benadik at atos.net>
> wrote:****
>
> Maybe there is other reason ...
> I have this issue if my images are created by setting "source", not "path"
> (if you understand what I mean). If a new image is created by providing
> "path", everything works well after that.
>
> Maybe the same issue has Michael.
>
> Michael - can you confirm it?
>
> Jan****
>
> Dňa 23.07.2012 11:57, Carlos Martín Sánchez wrote / napísal(a):****
>
> Hi Michael and Jan, ****
>
> ** **
>
> I've been trying to reproduce your problem, and everything works fine for
> me. Maybe this is a documentation problem, and some concepts are not as
> clear as we thought.****
>
> ** **
>
> Each resource has an owner and group, and permissions for each of them.
> The permissions are set with the chown command, and are quite similar to
> the unix file permissions [1]. By default, resources are created with 600,
> or****
>
> ** **
>
> PERMISSIONS
>       ****
>
> OWNER          : um-                 ****
>
> GROUP          : ---                 ****
>
> OTHER          : ---   ****
>
> ** **
>
> If you create a vnet as oneadmin, and want all the users to be able to use
> it in their VMs, simply execute 'onevnet chmod <id> 604', to set USE
> permissions for OTHER. Similarly, if you want to make a VNet available to
> its group, then execture chmod <id> 640.****
>
> ** **
>
> ** **
>
> Regards****
>
> ** **
>
> [1] http://opennebula.org/documentation:rel3.6:chmod****
>
> ** **
>
>
> --
> Carlos Mart�n, MSc ****
>
>
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization ****
>
> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula<http://twitter.com/opennebula>
> ****
>
>
>
> ****
>
> On Mon, Jul 23, 2012 at 10:40 AM, Jan Benadik <jan.benadik at atos.net>
> wrote:****
>
> Hi all,
>
> from the OpenNebula 3.6 version I have the same problem (no problem in
> previous version).
>
> Jan****
>
> D�a 21.07.2012 11:30, Michael Rebstock wrote / nap�sal(a):****
>
> Hello Everybody,****
>
>  ****
>
> I have a problem when trying to use Opennebula with more than one user. I
> have a virtual network with the owner "oneadmin". When I log in with a
> self-created user "oneuser" and try to deploy a new virtual machine, there
> pops up an errormessage, that the user has not the permission to use the
> network I specified in the Template. When I change the owner of this
> network to "oneuser", he is able to deploy VMs. From this point on oneadmin
> isn't able to deploy a VM. ****
>
> I also tried to create two different users who are in the same group and
> set the ownership of the network to this group but this also didn't work.
> ****
>
>  ****
>
> In the ACL-documentation [0] I found the following: "@106 NET/#47 USE" and
> I already tried it out -without success.****
>
>  ****
>
> What am I doing wrong? Is it possible to let different users use the same
> network without making them the owner of the same?****
>
> Thanks in advance.****
>
>  ****
>
> Best Regards****
>
> Michael****
>
>  ****
>
> [0] http://opennebula.org/documentation:archives:rel3.4:manage_acl****
>
>
>
> ****
>
> _______________________________________________****
>
> Users mailing list****
>
> Users at lists.opennebula.org****
>
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org****
>
> ** **
>
> --
>
> *J�n Be�adik*****
>
> Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net <//jan.benadik at atos.net>****
>
> Vinohradn�cka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________
>
> ****
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org****
>
> ** **
>
> ** **
>
> --
>
> *Ján Beňadik*
> Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net <//jan.benadik at atos.net>
> Vinohradnícka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________
>
> ****
>
> ** **
>
> ** **
>
> --
>
> *Ján Beňadik*
> Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net <//jan.benadik at atos.net>
> Vinohradnícka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________
>
> ****
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120724/26b45703/attachment-0003.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 281 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120724/26b45703/attachment-0006.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1723 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120724/26b45703/attachment-0007.gif>


More information about the Users mailing list